dohertj2/scadalink-design
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

docs(audit): add M5 payload+redaction implementation plan (#23)

Browse Source 
4 bundles: filter+truncation, redactors (header/body/SQL-param), wire
into all emission paths + health metric, config+perf+safety-net.

Vocabulary translation locked: error-row cap (64 KB) on Status NOT IN
(Delivered, Submitted, Forwarded). Filter integration point in each
writer (FallbackAuditWriter, CentralAuditWriter, AuditLogIngestActor)
BEFORE storage call.
This commit is contained in:
Joseph Doherty
2026-05-20 16:56:56 -04:00
parent dae6de2c48
commit e7b40c1c50
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
docs/plans/2026-05-20-auditlog-m5-payload-redaction.md Normal file
View File

@@ -0,0 +1,20 @@
# Audit Log #23 — M5 Payload + Redaction Implementation Plan
> **For Claude:** REQUIRED SUB-SKILL: Use superpowers-extended-cc:subagent-driven-development (bundled cadence).
**Goal:** Filter pipeline (IAuditPayloadFilter) runs between event construction and writer call. Truncates to 8 KB / 64 KB on error; applies HTTP header redactors (default list from M1-T9 AuditLogOptions); applies body regex redactors (global + per-target); applies SQL parameter redactors (per-connection opt-in); over-redacts on regex error and increments AuditRedactionFailure metric. Hot-reloadable config via IOptionsMonitor.
**Vocabulary (M1 reality):** Error-row cap (64 KB) triggers when `Status NOT IN (AuditStatus.Delivered, AuditStatus.Submitted, AuditStatus.Forwarded)` — i.e., on `Failed/Parked/Discarded/Attempted/Skipped`. The roadmap's M5-T2 step references (Status=TransientFailure/PermanentFailure) are stale pre-M1 wording. Translation: `TransientFailure` = `Attempted` with HttpStatus 5xx OR `Failed`; `PermanentFailure` = `Failed`.
**M4 realities baked in:** AuditingDb decorators, NotificationOutboxActor, AuditWriteMiddleware, site emission paths all need filter pluggin. Filter is invoked in:
- FallbackAuditWriter.WriteAsync (site chain) — before SqliteAuditWriter.WriteAsync.
- CentralAuditWriter.WriteAsync (central direct-write) — before IAuditLogRepository.InsertIfNotExistsAsync.
- AuditLogIngestActor handlers — before InsertIfNotExistsAsync/UpsertAsync.
**Bundles:**
- Bundle A — Filter contract + truncation (T1, T2).
- Bundle B — Header + body + SQL param redaction (T3, T4, T5).
- Bundle C — Wire into emission paths + health metric (T6, T7).
- Bundle D — Configuration binding + perf + safety-net edge cases (T8, T9, T10).
Final cross-bundle review + merge.